#1541 LDAP authorization with an incorrect username
Reporter
Sergey
Owner
Nobody
Created
Updated
Stars
★ (1)
Tags
Status-New
Component-Community
Type-Defect
Priority-Medium
Sergey
on
I configured LDAP authorization (LDAP2), and it works. If I enter the wrong password, the wrong password window is displayed. And if I enter a non-existent username, the authorization window freezes and an error message appears in the logs:
prosody[14484]: mod_bosh: Traceback[bosh]: /usr/lib/prosody/modules/ldap.lib.lua:218: attempt to index local 'attribs' (a nil value)
stack traceback:
/usr/lib/prosody/modules/ldap.lib.lua:218: in function 'singlematch'
/usr/lib/prosody/modules/ldap.lib.lua:187: in function </usr/lib/prosody/modules/ldap.lib.lua:179>
(tail call): ?
...ib/prosody/modules/mod_auth_ldap2/mod_auth_ldap2.lua:54: in function 'plain_test'
/usr/lib/prosody/util/sasl/plain.lua:72: in function </usr/lib/prosody/util/sasl/plain.lua:38>
(tail call): ?
/usr/lib/prosody/modules/mod_saslauth.lua:77: in function </usr/lib/prosody/modules/mod_saslauth.lua:66>
(tail call): ?
/usr/lib/prosody/util/events.lua:67: in function 'fire_event'
/usr/lib/prosody/core/stanza_router.lua:149: in function </usr/lib/prosody/core/stanza_router.lua:56>
...
/usr/lib/prosody/net/http/server.lua:108: in function 'process_next'
/usr/lib/prosody/net/http/server.lua:124: in function 'success_cb'
/usr/lib/prosody/net/http/parser.lua:154: in function 'feed'
/usr/lib/prosody/net/http/server.lua:150: in function </usr/lib/prosody/net/http/server.lua:149>
(tail call): ?
/usr/lib/prosody/net/server_select.lua:867: in function </usr/lib/prosody/net/server_select.lua:849>
[C]: in function 'xpcall'
/usr/bin/prosody:376: in function 'loop'
/usr/bin/prosody:407: in main chunk
[C]: ?
I couldn't find an answer to my problem on forums and the Internet. Can you help?
Sergey
on
The problem is observed if you specify base_dn = 'cn=users, dc=example, dc=com'. If you specify base_dn = 'dc=example, dc=com', everything works. If you configure via saslauthd, there is no such problem; everything works.
n2p
on
I'm having the same issue with jitsi meet LDAP authentication.
basedn = 'dc=example, dc=com' does not solve the problem. (It was originally set like this)
In jitsi config (ldap.cfg.lua) it is "basedn" instead of "base_dn".
Jon Lusky
on
I patched prosody ldap module to work around it...
--- /usr/lib/prosody/modules/ldap.lib.lua.dist 2020-04-14 17:24:41.664734644 +0000
+++ /usr/lib/prosody/modules/ldap.lib.lua 2020-04-14 17:31:10.042650354 +0000
@@ -215,7 +215,10 @@
query.scope = 'subtree';
for dn, attribs in ld:search(query) do
- attribs.dn = dn;
+ -- badusername.patch
+ if attribs then
+ attribs.dn = dn;
+ end
return attribs;
end
end
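Review bot: In the `for dn, attribs in ld:search(query)` loop, the new `if attribs then` guard only skips the assignment; `return attribs;` still runs on the first iteration, so a result with nil attribs makes the function return nil immediately and any later entries from the search are never examined. Consider moving the return inside the guard (`if attribs then attribs.dn = dn; return attribs; end`) so the loop continues to the next result, and confirm that the caller shown in the traceback (`plain_test` in mod_auth_ldap2.lua) treats a nil result as a failed login instead of indexing it. The comment `-- badusername.patch` would be more useful if it stated when attribs can be nil.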
Zash
on
Changes
tags Component-Community
Fabian
on
The mentioned patch from @Jon Lusky does not fix it for me.
A solution would be highly appreciated, as every wrong username kills prosody/jitsi-meet.
Thank you, Jon Lusky! The patch fixes the problem